diff options
Diffstat (limited to 'src/regress')
| -rw-r--r-- | src/regress/lib/libssl/tlsext/tlsexttest.c | 441 |
1 files changed, 435 insertions, 6 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c index 05b18b5b05..d9b048dbfc 100644 --- a/src/regress/lib/libssl/tlsext/tlsexttest.c +++ b/src/regress/lib/libssl/tlsext/tlsexttest.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tlsexttest.c,v 1.26 2019/01/24 00:07:58 beck Exp $ */ | 1 | /* $OpenBSD: tlsexttest.c,v 1.27 2019/01/24 02:56:41 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -2929,11 +2929,15 @@ test_tlsext_serverhello_build(void) | |||
| 2929 | return (failure); | 2929 | return (failure); |
| 2930 | } | 2930 | } |
| 2931 | 2931 | ||
| 2932 | static unsigned char tlsext_versions_client[] = { | 2932 | const unsigned char tlsext_versions_client[] = { |
| 2933 | 0x08, 0x03, 0x04, 0x03, 0x03, 0x03, | 2933 | 0x08, 0x03, 0x04, 0x03, 0x03, 0x03, |
| 2934 | 0x02, 0x03, 0x01, | 2934 | 0x02, 0x03, 0x01, |
| 2935 | }; | 2935 | }; |
| 2936 | 2936 | ||
| 2937 | const unsigned char tlsext_versions_server[] = { | ||
| 2938 | 0x03, 0x04, | ||
| 2939 | }; | ||
| 2940 | |||
| 2937 | static int | 2941 | static int |
| 2938 | test_tlsext_versions_client(void) | 2942 | test_tlsext_versions_client(void) |
| 2939 | { | 2943 | { |
| @@ -3001,12 +3005,12 @@ test_tlsext_versions_client(void) | |||
| 3001 | 3005 | ||
| 3002 | if (dlen != sizeof(tlsext_versions_client)) { | 3006 | if (dlen != sizeof(tlsext_versions_client)) { |
| 3003 | FAIL("got versions with length %zu, " | 3007 | FAIL("got versions with length %zu, " |
| 3004 | "want length %zu\n", dlen, (size_t) sizeof(tlsext_versions_client)); | 3008 | "want length %zu\n", dlen, sizeof(tlsext_versions_client)); |
| 3005 | failure = 1; | 3009 | failure = 1; |
| 3006 | goto done; | 3010 | goto done; |
| 3007 | } | 3011 | } |
| 3008 | 3012 | ||
| 3009 | CBS_init(&cbs, tlsext_versions_client, sizeof(tlsext_versions_client)); | 3013 | CBS_init(&cbs, data, dlen); |
| 3010 | if (!tlsext_versions_server_parse(ssl, &cbs, &alert)) { | 3014 | if (!tlsext_versions_server_parse(ssl, &cbs, &alert)) { |
| 3011 | FAIL("failed to parse client versions\n"); | 3015 | FAIL("failed to parse client versions\n"); |
| 3012 | failure = 1; | 3016 | failure = 1; |
| @@ -3026,7 +3030,82 @@ test_tlsext_versions_client(void) | |||
| 3026 | return (failure); | 3030 | return (failure); |
| 3027 | } | 3031 | } |
| 3028 | 3032 | ||
| 3029 | static unsigned char tlsext_keyshare_client[] = { | 3033 | |
| 3034 | static int | ||
| 3035 | test_tlsext_versions_server(void) | ||
| 3036 | { | ||
| 3037 | unsigned char *data = NULL; | ||
| 3038 | SSL_CTX *ssl_ctx = NULL; | ||
| 3039 | SSL *ssl = NULL; | ||
| 3040 | int failure = 0; | ||
| 3041 | size_t dlen; | ||
| 3042 | int alert; | ||
| 3043 | CBB cbb; | ||
| 3044 | CBS cbs; | ||
| 3045 | |||
| 3046 | CBB_init(&cbb, 0); | ||
| 3047 | |||
| 3048 | if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) | ||
| 3049 | errx(1, "failed to create SSL_CTX"); | ||
| 3050 | if ((ssl = SSL_new(ssl_ctx)) == NULL) | ||
| 3051 | errx(1, "failed to create SSL"); | ||
| 3052 | |||
| 3053 | ssl->version = TLS1_2_VERSION; | ||
| 3054 | |||
| 3055 | if (tlsext_versions_server_needs(ssl)) { | ||
| 3056 | FAIL("server should not need versions\n"); | ||
| 3057 | failure = 1; | ||
| 3058 | goto done; | ||
| 3059 | } | ||
| 3060 | |||
| 3061 | ssl->version = TLS1_3_VERSION; | ||
| 3062 | |||
| 3063 | if (!tlsext_versions_server_needs(ssl)) { | ||
| 3064 | FAIL("server should need versions\n"); | ||
| 3065 | failure = 1; | ||
| 3066 | goto done; | ||
| 3067 | } | ||
| 3068 | |||
| 3069 | if (!tlsext_versions_server_build(ssl, &cbb)) { | ||
| 3070 | FAIL("server should have built versions\n"); | ||
| 3071 | failure = 1; | ||
| 3072 | goto done; | ||
| 3073 | } | ||
| 3074 | |||
| 3075 | if (!CBB_finish(&cbb, &data, &dlen)) { | ||
| 3076 | FAIL("failed to finish CBB"); | ||
| 3077 | failure = 1; | ||
| 3078 | goto done; | ||
| 3079 | } | ||
| 3080 | |||
| 3081 | if (dlen != sizeof(tlsext_versions_server)) { | ||
| 3082 | FAIL("got versions with length %zu, " | ||
| 3083 | "want length %zu\n", dlen, sizeof(tlsext_versions_server)); | ||
| 3084 | failure = 1; | ||
| 3085 | goto done; | ||
| 3086 | } | ||
| 3087 | |||
| 3088 | CBS_init(&cbs, data, dlen); | ||
| 3089 | if (!tlsext_versions_client_parse(ssl, &cbs, &alert)) { | ||
| 3090 | FAIL("failed to parse client versions\n"); | ||
| 3091 | failure = 1; | ||
| 3092 | goto done; | ||
| 3093 | } | ||
| 3094 | if (CBS_len(&cbs) != 0) { | ||
| 3095 | FAIL("extension data remaining"); | ||
| 3096 | failure = 1; | ||
| 3097 | goto done; | ||
| 3098 | } | ||
| 3099 | done: | ||
| 3100 | CBB_cleanup(&cbb); | ||
| 3101 | SSL_CTX_free(ssl_ctx); | ||
| 3102 | SSL_free(ssl); | ||
| 3103 | free(data); | ||
| 3104 | |||
| 3105 | return (failure); | ||
| 3106 | } | ||
| 3107 | |||
| 3108 | const unsigned char tlsext_keyshare_client[] = { | ||
| 3030 | 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0xba, 0x83, | 3109 | 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0xba, 0x83, |
| 3031 | 0x2e, 0x4a, 0x18, 0xbe, 0x96, 0xd2, 0x71, 0x70, | 3110 | 0x2e, 0x4a, 0x18, 0xbe, 0x96, 0xd2, 0x71, 0x70, |
| 3032 | 0x18, 0x04, 0xf9, 0x9d, 0x76, 0x98, 0xef, 0xe8, | 3111 | 0x18, 0x04, 0xf9, 0x9d, 0x76, 0x98, 0xef, 0xe8, |
| @@ -3034,6 +3113,14 @@ static unsigned char tlsext_keyshare_client[] = { | |||
| 3034 | 0xad, 0x5b, 0xa4, 0xe9, 0x8b, 0x6b, | 3113 | 0xad, 0x5b, 0xa4, 0xe9, 0x8b, 0x6b, |
| 3035 | }; | 3114 | }; |
| 3036 | 3115 | ||
| 3116 | const unsigned char tlsext_keyshare_server[] = { | ||
| 3117 | 0x00, 0x1d, 0x00, 0x20, 0xe5, 0xe8, 0x5a, 0xb9, | ||
| 3118 | 0x7e, 0x12, 0x62, 0xe3, 0xd8, 0x7f, 0x6e, 0x3c, | ||
| 3119 | 0xec, 0xa6, 0x8b, 0x99, 0x45, 0x77, 0x8e, 0x11, | ||
| 3120 | 0xb3, 0xb9, 0x12, 0xb6, 0xbe, 0x35, 0xca, 0x51, | ||
| 3121 | 0x76, 0x1e, 0xe8, 0x22 | ||
| 3122 | }; | ||
| 3123 | |||
| 3037 | static int | 3124 | static int |
| 3038 | test_tlsext_keyshare_client(void) | 3125 | test_tlsext_keyshare_client(void) |
| 3039 | { | 3126 | { |
| @@ -3095,17 +3182,22 @@ test_tlsext_keyshare_client(void) | |||
| 3095 | goto done; | 3182 | goto done; |
| 3096 | } | 3183 | } |
| 3097 | 3184 | ||
| 3098 | CBS_init(&cbs, tlsext_keyshare_client, sizeof(tlsext_keyshare_client)); | 3185 | (ssl)->version = TLS1_3_VERSION; |
| 3186 | CBS_init(&cbs, data, dlen); | ||
| 3187 | |||
| 3099 | if (!tlsext_keyshare_server_parse(ssl, &cbs, &alert)) { | 3188 | if (!tlsext_keyshare_server_parse(ssl, &cbs, &alert)) { |
| 3100 | FAIL("failed to parse client keyshare\n"); | 3189 | FAIL("failed to parse client keyshare\n"); |
| 3101 | failure = 1; | 3190 | failure = 1; |
| 3102 | goto done; | 3191 | goto done; |
| 3103 | } | 3192 | } |
| 3193 | |||
| 3104 | if (CBS_len(&cbs) != 0) { | 3194 | if (CBS_len(&cbs) != 0) { |
| 3105 | FAIL("extension data remaining"); | 3195 | FAIL("extension data remaining"); |
| 3106 | failure = 1; | 3196 | failure = 1; |
| 3107 | goto done; | 3197 | goto done; |
| 3108 | } | 3198 | } |
| 3199 | |||
| 3200 | |||
| 3109 | done: | 3201 | done: |
| 3110 | CBB_cleanup(&cbb); | 3202 | CBB_cleanup(&cbb); |
| 3111 | SSL_CTX_free(ssl_ctx); | 3203 | SSL_CTX_free(ssl_ctx); |
| @@ -3115,6 +3207,338 @@ test_tlsext_keyshare_client(void) | |||
| 3115 | return (failure); | 3207 | return (failure); |
| 3116 | } | 3208 | } |
| 3117 | 3209 | ||
| 3210 | static int | ||
| 3211 | test_tlsext_keyshare_server(void) | ||
| 3212 | { | ||
| 3213 | unsigned char *data = NULL; | ||
| 3214 | SSL_CTX *ssl_ctx = NULL; | ||
| 3215 | SSL *ssl = NULL; | ||
| 3216 | int failure = 0; | ||
| 3217 | size_t dlen, idx; | ||
| 3218 | int alert; | ||
| 3219 | CBB cbb; | ||
| 3220 | CBS cbs; | ||
| 3221 | uint8_t bogokey[] = { | ||
| 3222 | 0xe5, 0xe8, 0x5a, 0xb9, 0x7e, 0x12, 0x62, 0xe3, | ||
| 3223 | 0xd8, 0x7f, 0x6e, 0x3c, 0xec, 0xa6, 0x8b, 0x99, | ||
| 3224 | 0x45, 0x77, 0x8e, 0x11, 0xb3, 0xb9, 0x12, 0xb6, | ||
| 3225 | 0xbe, 0x35, 0xca, 0x51, 0x76, 0x1e, 0xe8, 0x22 | ||
| 3226 | }; | ||
| 3227 | |||
| 3228 | CBB_init(&cbb, 0); | ||
| 3229 | |||
| 3230 | if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) | ||
| 3231 | errx(1, "failed to create SSL_CTX"); | ||
| 3232 | if ((ssl = SSL_new(ssl_ctx)) == NULL) | ||
| 3233 | errx(1, "failed to create SSL"); | ||
| 3234 | |||
| 3235 | (ssl)->version = 0; | ||
| 3236 | if (tlsext_keyshare_server_needs(ssl)) { | ||
| 3237 | FAIL("server should not need keyshare\n"); | ||
| 3238 | failure = 1; | ||
| 3239 | goto done; | ||
| 3240 | } | ||
| 3241 | |||
| 3242 | (ssl)->version = TLS1_2_VERSION; | ||
| 3243 | if (tlsext_keyshare_server_needs(ssl)) { | ||
| 3244 | FAIL("server should not need keyshare\n"); | ||
| 3245 | failure = 1; | ||
| 3246 | goto done; | ||
| 3247 | } | ||
| 3248 | |||
| 3249 | ssl->version = TLS1_3_VERSION; | ||
| 3250 | if (tlsext_keyshare_server_needs(ssl)) { | ||
| 3251 | FAIL("client should not need keyshare\n"); | ||
| 3252 | failure = 1; | ||
| 3253 | goto done; | ||
| 3254 | } | ||
| 3255 | |||
| 3256 | if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL) | ||
| 3257 | FAIL("Can't find keyshare extension"); | ||
| 3258 | S3I(ssl)->hs.extensions_seen |= (1 << idx); | ||
| 3259 | |||
| 3260 | if (!tlsext_keyshare_server_needs(ssl)) { | ||
| 3261 | FAIL("server should need keyshare"); | ||
| 3262 | failure = 1; | ||
| 3263 | goto done; | ||
| 3264 | } | ||
| 3265 | |||
| 3266 | if (tlsext_keyshare_server_build(ssl, &cbb)) { | ||
| 3267 | FAIL("server should not have built a keyshare response"); | ||
| 3268 | failure = 1; | ||
| 3269 | goto done; | ||
| 3270 | } | ||
| 3271 | |||
| 3272 | S3I(ssl)->hs_tls13.x25519_peer_public = bogokey; | ||
| 3273 | if (!tlsext_keyshare_server_build(ssl, &cbb)) { | ||
| 3274 | FAIL("server should be able to build a keyshare response"); | ||
| 3275 | failure = 1; | ||
| 3276 | goto done; | ||
| 3277 | } | ||
| 3278 | S3I(ssl)->hs_tls13.x25519_peer_public = NULL; | ||
| 3279 | |||
| 3280 | if (!CBB_finish(&cbb, &data, &dlen)) { | ||
| 3281 | FAIL("failed to finish CBB"); | ||
| 3282 | failure = 1; | ||
| 3283 | goto done; | ||
| 3284 | } | ||
| 3285 | |||
| 3286 | if (dlen != sizeof(tlsext_keyshare_server)) { | ||
| 3287 | FAIL("got server keyshare with length %zu, " | ||
| 3288 | "want length %zu\n", dlen, sizeof(tlsext_keyshare_server)); | ||
| 3289 | failure = 1; | ||
| 3290 | goto done; | ||
| 3291 | } | ||
| 3292 | |||
| 3293 | CBS_init(&cbs, data, dlen); | ||
| 3294 | |||
| 3295 | if (!tlsext_keyshare_client_parse(ssl, &cbs, &alert)) { | ||
| 3296 | FAIL("failed to parse server keyshare\n"); | ||
| 3297 | failure = 1; | ||
| 3298 | goto done; | ||
| 3299 | } | ||
| 3300 | |||
| 3301 | if (CBS_len(&cbs) != 0) { | ||
| 3302 | FAIL("extension data remaining"); | ||
| 3303 | failure = 1; | ||
| 3304 | goto done; | ||
| 3305 | } | ||
| 3306 | |||
| 3307 | done: | ||
| 3308 | CBB_cleanup(&cbb); | ||
| 3309 | SSL_CTX_free(ssl_ctx); | ||
| 3310 | SSL_free(ssl); | ||
| 3311 | free(data); | ||
| 3312 | |||
| 3313 | return (failure); | ||
| 3314 | } | ||
| 3315 | |||
| 3316 | /* One day I hope to be the only Muppet in this codebase */ | ||
| 3317 | const uint8_t cookie[] = "\n" | ||
| 3318 | " .---. .---. \n" | ||
| 3319 | " : : o : me want cookie! \n" | ||
| 3320 | " _..-: o : :-.._ / \n" | ||
| 3321 | " .-'' ' `---' `---' ' ``-. \n" | ||
| 3322 | " .' ' ' ' . ' . ' ' `. \n" | ||
| 3323 | " : '.---.,,.,...,.,.,.,..---. ' ; \n" | ||
| 3324 | " `. ' `. .' ' .' \n" | ||
| 3325 | " `. '`. .' ' .' \n" | ||
| 3326 | " `. `-._ _.-' ' .' .----. \n" | ||
| 3327 | " `. ' ''--...--'' . ' .' .' o `. \n" | ||
| 3328 | " .'`-._' ' . ' _.-'`. : o : \n" | ||
| 3329 | " jgs .' ```--.....--''' ' `:_ o : \n" | ||
| 3330 | " .' ' ' ' ' ; `.;';';';' \n" | ||
| 3331 | " ; ' ' ' . ; .' ; ; ; \n" | ||
| 3332 | " ; ' ' ' ' .' .-' \n" | ||
| 3333 | " ' ' ' ' ' ' _.-' \n"; | ||
| 3334 | |||
| 3335 | static int | ||
| 3336 | test_tlsext_cookie_client(void) | ||
| 3337 | { | ||
| 3338 | unsigned char *data = NULL; | ||
| 3339 | SSL_CTX *ssl_ctx = NULL; | ||
| 3340 | SSL *ssl = NULL; | ||
| 3341 | int failure = 0; | ||
| 3342 | size_t dlen; | ||
| 3343 | int alert; | ||
| 3344 | CBB cbb; | ||
| 3345 | CBS cbs; | ||
| 3346 | |||
| 3347 | CBB_init(&cbb, 0); | ||
| 3348 | |||
| 3349 | if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) | ||
| 3350 | errx(1, "failed to create SSL_CTX"); | ||
| 3351 | if ((ssl = SSL_new(ssl_ctx)) == NULL) | ||
| 3352 | errx(1, "failed to create SSL"); | ||
| 3353 | |||
| 3354 | S3I(ssl)->hs_tls13.max_version = 0; | ||
| 3355 | if (tlsext_cookie_client_needs(ssl)) { | ||
| 3356 | FAIL("client should not need cookie\n"); | ||
| 3357 | failure = 1; | ||
| 3358 | goto done; | ||
| 3359 | } | ||
| 3360 | |||
| 3361 | S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION; | ||
| 3362 | if (tlsext_cookie_client_needs(ssl)) { | ||
| 3363 | FAIL("client should not need cookie\n"); | ||
| 3364 | failure = 1; | ||
| 3365 | goto done; | ||
| 3366 | } | ||
| 3367 | |||
| 3368 | |||
| 3369 | S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION; | ||
| 3370 | if (tlsext_cookie_client_needs(ssl)) { | ||
| 3371 | FAIL("client should not need cookie\n"); | ||
| 3372 | failure = 1; | ||
| 3373 | goto done; | ||
| 3374 | } | ||
| 3375 | |||
| 3376 | /* Normally would be set by receiving a server cookie in an HRR */ | ||
| 3377 | S3I(ssl)->hs_tls13.cookie = strdup(cookie); | ||
| 3378 | S3I(ssl)->hs_tls13.cookie_len = strlen(cookie); | ||
| 3379 | |||
| 3380 | if (!tlsext_cookie_client_needs(ssl)) { | ||
| 3381 | FAIL("client should need cookie"); | ||
| 3382 | failure = 1; | ||
| 3383 | goto done; | ||
| 3384 | } | ||
| 3385 | |||
| 3386 | if (!tlsext_cookie_client_build(ssl, &cbb)) { | ||
| 3387 | FAIL("client should have built a cookie response"); | ||
| 3388 | failure = 1; | ||
| 3389 | goto done; | ||
| 3390 | } | ||
| 3391 | |||
| 3392 | if (!CBB_finish(&cbb, &data, &dlen)) { | ||
| 3393 | FAIL("failed to finish CBB"); | ||
| 3394 | failure = 1; | ||
| 3395 | goto done; | ||
| 3396 | } | ||
| 3397 | |||
| 3398 | if (dlen != strlen(cookie) + sizeof(uint16_t)) { | ||
| 3399 | FAIL("got cookie with length %zu, " | ||
| 3400 | "want length %zu\n", dlen, strlen(cookie) + | ||
| 3401 | sizeof(uint16_t)); | ||
| 3402 | failure = 1; | ||
| 3403 | goto done; | ||
| 3404 | } | ||
| 3405 | |||
| 3406 | CBS_init(&cbs, data, dlen); | ||
| 3407 | |||
| 3408 | /* Checks cookie against what's in the hs_tls13 */ | ||
| 3409 | if (!tlsext_cookie_server_parse(ssl, &cbs, &alert)) { | ||
| 3410 | FAIL("failed to parse client cookie\n"); | ||
| 3411 | failure = 1; | ||
| 3412 | goto done; | ||
| 3413 | } | ||
| 3414 | |||
| 3415 | if (CBS_len(&cbs) != 0) { | ||
| 3416 | FAIL("extension data remaining"); | ||
| 3417 | failure = 1; | ||
| 3418 | goto done; | ||
| 3419 | } | ||
| 3420 | |||
| 3421 | done: | ||
| 3422 | CBB_cleanup(&cbb); | ||
| 3423 | SSL_CTX_free(ssl_ctx); | ||
| 3424 | SSL_free(ssl); | ||
| 3425 | free(data); | ||
| 3426 | |||
| 3427 | return (failure); | ||
| 3428 | } | ||
| 3429 | |||
| 3430 | static int | ||
| 3431 | test_tlsext_cookie_server(void) | ||
| 3432 | { | ||
| 3433 | unsigned char *data = NULL; | ||
| 3434 | SSL_CTX *ssl_ctx = NULL; | ||
| 3435 | SSL *ssl = NULL; | ||
| 3436 | int failure = 0; | ||
| 3437 | size_t dlen; | ||
| 3438 | int alert; | ||
| 3439 | CBB cbb; | ||
| 3440 | CBS cbs; | ||
| 3441 | |||
| 3442 | CBB_init(&cbb, 0); | ||
| 3443 | |||
| 3444 | if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) | ||
| 3445 | errx(1, "failed to create SSL_CTX"); | ||
| 3446 | if ((ssl = SSL_new(ssl_ctx)) == NULL) | ||
| 3447 | errx(1, "failed to create SSL"); | ||
| 3448 | |||
| 3449 | S3I(ssl)->hs_tls13.max_version = 0; | ||
| 3450 | if (tlsext_cookie_server_needs(ssl)) { | ||
| 3451 | FAIL("server should not need cookie\n"); | ||
| 3452 | failure = 1; | ||
| 3453 | goto done; | ||
| 3454 | } | ||
| 3455 | |||
| 3456 | S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION; | ||
| 3457 | if (tlsext_cookie_server_needs(ssl)) { | ||
| 3458 | FAIL("server should not need cookie\n"); | ||
| 3459 | failure = 1; | ||
| 3460 | goto done; | ||
| 3461 | } | ||
| 3462 | |||
| 3463 | |||
| 3464 | S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION; | ||
| 3465 | if (tlsext_cookie_server_needs(ssl)) { | ||
| 3466 | FAIL("server should not need cookie\n"); | ||
| 3467 | failure = 1; | ||
| 3468 | goto done; | ||
| 3469 | } | ||
| 3470 | |||
| 3471 | /* Normally would be set by server before sending HRR */ | ||
| 3472 | S3I(ssl)->hs_tls13.cookie = strdup(cookie); | ||
| 3473 | S3I(ssl)->hs_tls13.cookie_len = strlen(cookie); | ||
| 3474 | |||
| 3475 | if (!tlsext_cookie_server_needs(ssl)) { | ||
| 3476 | FAIL("server should need cookie"); | ||
| 3477 | failure = 1; | ||
| 3478 | goto done; | ||
| 3479 | } | ||
| 3480 | |||
| 3481 | if (!tlsext_cookie_server_build(ssl, &cbb)) { | ||
| 3482 | FAIL("server have built a cookie response"); | ||
| 3483 | failure = 1; | ||
| 3484 | goto done; | ||
| 3485 | } | ||
| 3486 | |||
| 3487 | if (!CBB_finish(&cbb, &data, &dlen)) { | ||
| 3488 | FAIL("failed to finish CBB"); | ||
| 3489 | failure = 1; | ||
| 3490 | goto done; | ||
| 3491 | } | ||
| 3492 | |||
| 3493 | if (dlen != strlen(cookie) + sizeof(uint16_t)) { | ||
| 3494 | FAIL("got cookie with length %zu, " | ||
| 3495 | "want length %zu\n", dlen, strlen(cookie) + | ||
| 3496 | sizeof(uint16_t)); | ||
| 3497 | failure = 1; | ||
| 3498 | goto done; | ||
| 3499 | } | ||
| 3500 | |||
| 3501 | CBS_init(&cbs, data, dlen); | ||
| 3502 | |||
| 3503 | if (tlsext_cookie_client_parse(ssl, &cbs, &alert)) { | ||
| 3504 | FAIL("client should not have parsed server cookie\n"); | ||
| 3505 | failure = 1; | ||
| 3506 | goto done; | ||
| 3507 | } | ||
| 3508 | |||
| 3509 | freezero(S3I(ssl)->hs_tls13.cookie, S3I(ssl)->hs_tls13.cookie_len); | ||
| 3510 | S3I(ssl)->hs_tls13.cookie = NULL; | ||
| 3511 | S3I(ssl)->hs_tls13.cookie_len = 0; | ||
| 3512 | |||
| 3513 | if (!tlsext_cookie_client_parse(ssl, &cbs, &alert)) { | ||
| 3514 | FAIL("failed to parse server cookie\n"); | ||
| 3515 | failure = 1; | ||
| 3516 | goto done; | ||
| 3517 | } | ||
| 3518 | |||
| 3519 | if (memcmp(cookie, S3I(ssl)->hs_tls13.cookie, | ||
| 3520 | S3I(ssl)->hs_tls13.cookie_len) != 0) { | ||
| 3521 | FAIL("parsed server cookie does not match sent cookie\n"); | ||
| 3522 | failure = 1; | ||
| 3523 | goto done; | ||
| 3524 | } | ||
| 3525 | |||
| 3526 | if (CBS_len(&cbs) != 0) { | ||
| 3527 | FAIL("extension data remaining"); | ||
| 3528 | failure = 1; | ||
| 3529 | goto done; | ||
| 3530 | } | ||
| 3531 | |||
| 3532 | done: | ||
| 3533 | CBB_cleanup(&cbb); | ||
| 3534 | SSL_CTX_free(ssl_ctx); | ||
| 3535 | SSL_free(ssl); | ||
| 3536 | free(data); | ||
| 3537 | |||
| 3538 | return (failure); | ||
| 3539 | } | ||
| 3540 | |||
| 3541 | |||
| 3118 | int | 3542 | int |
| 3119 | main(int argc, char **argv) | 3543 | main(int argc, char **argv) |
| 3120 | { | 3544 | { |
| @@ -3148,8 +3572,13 @@ main(int argc, char **argv) | |||
| 3148 | failed |= test_tlsext_sessionticket_server(); | 3572 | failed |= test_tlsext_sessionticket_server(); |
| 3149 | 3573 | ||
| 3150 | failed |= test_tlsext_versions_client(); | 3574 | failed |= test_tlsext_versions_client(); |
| 3575 | failed |= test_tlsext_versions_server(); | ||
| 3151 | 3576 | ||
| 3152 | failed |= test_tlsext_keyshare_client(); | 3577 | failed |= test_tlsext_keyshare_client(); |
| 3578 | failed |= test_tlsext_keyshare_server(); | ||
| 3579 | |||
| 3580 | failed |= test_tlsext_cookie_client(); | ||
| 3581 | failed |= test_tlsext_cookie_server(); | ||
| 3153 | 3582 | ||
| 3154 | #ifndef OPENSSL_NO_SRTP | 3583 | #ifndef OPENSSL_NO_SRTP |
| 3155 | failed |= test_tlsext_srtp_client(); | 3584 | failed |= test_tlsext_srtp_client(); |